AtalayaLabs/OxiCloud v0.3.5

on GitHub

🚀 OxiCloud v0.3.5

A massive bug-fix and polish release driven entirely by community feedback. This version addresses 12 issues spanning security, OIDC authentication, uploads, UI consistency, and quality-of-life improvements.

🔒 Security

• Scope root folder listing to authenticated user — Non-admin users could previously see all users' root folders, including the admin's. The backend now filters GET /api/folders by the authenticated user's JWT identity, so each user only sees their own home folder. (#94)

🔑 OIDC / Authentication

• Add SSO login button — Login page now queries /api/auth/oidc/providers and shows an SSO button when OIDC is configured. Password form is hidden when password login is disabled. (#88, #89)
• Complete OIDC login flow — Frontend now properly exchanges the authorization code for JWT tokens after the IdP redirect. (#90)
• Fix async checkAuthentication — checkAuthentication() was a regular function using await, causing a parse error that broke the entire app. (#90)
• Fetch OIDC discovery before building authorization URL — get_authorize_url() was synchronous and fell back to a wrong URL pattern. Now async, fetching the real authorization_endpoint from the discovery document. (#91)
• Hide password change form for OIDC-only setups — Profile page now queries OIDC config and hides the change-password section when password login is disabled. (#96)

📁 Storage & Uploads

• Increase upload body limit to 10 GB — Axum's default 2 MB body limit was silently truncating uploads. Added DefaultBodyLimit::max(10 GB) globally and on file upload routes. (#95)
• Add file upload progress toast — New floating progress indicator with per-file byte-level tracking via XHR, replacing the hidden dropzone-only progress. (#93)
• Cap default storage quota to available disk space — Admin quota was hardcoded to 100 GB regardless of actual disk capacity. Now uses fs2::available_space() to cap it. (#92)

🎨 UI / UX

• Hide system directories — .blobs, .trash, .dedup_temp and other dot-prefixed folders are no longer visible to any user. (#87)
• Make logo a clickable home link — The top-left logo is now an <a href="/"> on all pages (index, profile, admin, shared). (#97)
• Close About modal with ESC — Standard keyboard shortcut now works. (#98)
• Clean URLs (no .html extensions) — /profile, /admin, /shared now served via dedicated routes. All internal links updated. Old .html URLs still work as fallback. (#99)

🔧 Other

• Fix cargo run — Added default-run = "oxicloud" to Cargo.toml. (#80)
• Standardize folder naming — Unified home folder convention to English (My Folder - {username}) everywhere.
• Italian localization — Added it.json with all translation keys. (Thanks @albanobattistella!)

🙏 Community

Huge thanks to the incredible bug reporters who made this release possible:

• @frenzeldk — Filed 10 detailed issues (#87, #88, #89, #93, #94, #95, #96, #97, #98, #99) with clear reproduction steps, screenshots, and environment details. Absolute hero. 🏆
• @mihha — Reported the compilation fix (#80) and OIDC flow issues (#90, #91, #92).
• @albanobattistella — Contributed Italian localization.

You are the best. Every bug report makes OxiCloud better for everyone. Keep them coming! 💪

What's Changed

• Create Italian localization file it.json by @albanobattistella in #86

New Contributors

• @albanobattistella made their first contribution in #86

Full Changelog: v0.3.4...v0.3.5